How do I create a chained SSL certificate?

Certificate chains are fully supported in ZXTM through the admin interface. A certificate chain is sometimes required when your public certificate is signed by a Certificate Authority's intermediate certificate rather than a root certificate.

Creating the certificate chain is easily performed from the SSL Certificate catalog:

1. Upload or import your Certificate that was signed by the Certificate Authority.
2. Click the Add intermediate certificate.
3. Upload the intermediate Certificate supplied by your Certificate Authority.

The User interface will now display both your Certificate and the intermediate Certificate.

Starting in ZXTM 5.0r1 you can add multiple intermediate certificates (e.g. for an EV certificate) through the user interface.

Older versions

User interface support for chained certificates was added in version 4.1, chained certificates in older versions are possible using a few command line operations to join your public certificate and your Certificate Authority's intermediate certifcate together.

If your public certificate is named 'my.pub' and your CA's public certificate (the intermediate cert) named 'ca.pub',then the following steps will create a valid chained certificate:

  cat my.pub ca.pub > chained.pub

The ZEUSHOME/admin/bin/cert program has a '--check' option toensure that private and public keys form a valid pair. Run this command to ensure that your new certifcate is valid:

  cert -key <private_certificate> -in <chained.pub> --check

The chained certificate 'chained.pub' can now be renamed if neccessary and imported into ZXTM via the Admin Interface.

Owen Garrett [Zeus Dev Team] 04 September 2006 1 comment